#OBTS

Описание: Slides: https://objectivebythesea.org/v8/talk...

Talk Description:
"Catch me if you Scan: MITRE-enhanced ML Magic to Solve Mac Malware’s Identity Crisis at Scale"
Imagine every time you check VirusTotal and see ‘Application.MAC.Generic’ – it's like looking at a puzzle chewed up by your dog, where roughly 70% of macOS malware loses its identity. Many SOC specialists simply glance at these reports, hoping the behavior tab will reveal patterns typical of a backdoor, trojan, or stealer. However, the real story is often hidden between the lines, forcing manual analysis of each sample. This not only wastes valuable time but also creates numerous challenges, especially since modern macOS malware frequently evades standard sandbox analyses (for instance, newer AMOS stealer versions may not even display a “behavior” tab on VirusTotal).

That’s why we developed a tool that helps us uncover the true nature of macOS malware every day – from the blurred “MAC.Generic” labels to precise identification of threat type and family. By leveraging ML technologies, our system automatically clusters malicious samples, revealing hidden patterns and grouping them accordingly. Combining this approach with the MITRE ATT&CK methodology and our proprietary SWARM technology enables us not only to classify samples but also to predict their type – whether it’s a trojan, a backdoor, or a false positive.

Unidentified Mac malware has long been a burden, and the cybersecurity community often shares ironic remarks and memes about this issue. Rather than just laughing at the problem, we decided to go further and inspire others to implement effective solutions within their organizations. We are open to collaboration, ready to answer questions, and eager to share our experiences integrating ML into threat detection. Although our tool is still under development, it already helps us navigate a sea of uncertainties, and we are confident that this approach will be a breakthrough for anyone concerned about macOS security.

Speakers' Bio:
👤 Kseniia Yamburh, 4 years in Threat Intelligence, one and a half of which I have been specializing in macOS as a malware researcher at Moonlock, the cybersecurity division of MacPaw.
https://x.com/osint_barbie

👤 Nazar Grycshuk, 12 years in Data Science and software development. Ex Head of Data science and R&D lead in Sigma software, Antifraud Data scientist at Parimatch, Senior Data scientist at Moonlock, the cybersecurity division of MacPaw.
  / gryshchuk  

Support the Objective-See Foundation:
https://www.objective-see.org/
https://x.com/objective_see/
  / objective-see